Email problems

If you ever get users ringing you up saying someone has received an NDR, but they don't have any more info, check out this website:

I don't know that I would believe everything that site tells you. It tells me I'm in violation of some RFC requirements on the mail server I administer, but, and this is a big but, if I was, I'd be relaying spam right and left. I choose not to configure my server that way for a reason. We simply don't accept email for which we don't have a valid account, and anyone who accepts email these days for a non-valid account is just asking to be the equivalent of an open relay.

Second, their web server is so poorly configured they are displaying internal PHP server errors to the world. That simply doesn't inspire confidence in me at all.
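
The recipient policy described in the post above, modelled as an added example that is not part of the original thread or any poster's configuration: unknown local users are refused during the SMTP dialogue, and mail for other domains is relayed only for authenticated or trusted clients. The domains, mailboxes, networks and reply codes are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration (hypothetical names and addresses).
LOCAL_DOMAINS = {"example.org"}
MAILBOXES = {"alice@example.org", "postmaster@example.org"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def rcpt_decision(client_ip, authenticated, rcpt):
    """Return (smtp_code, reason) for a single RCPT TO command."""
    rcpt = rcpt.strip().lower()
    local_part, sep, domain = rcpt.rpartition("@")
    if not sep or not local_part or not domain:
        return 501, "malformed address"

    if domain in LOCAL_DOMAINS:
        # Inbound mail: refuse unknown users while the sender is still
        # connected, so the sending server generates the NDR and this
        # server never has to bounce to a possibly forged return address.
        if rcpt in MAILBOXES:
            return 250, "local delivery"
        return 550, "no such user"

    # Recipient is not ours: this is a relay request. An open relay is a
    # server that answers 250 here for any client.
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return 250, "relay permitted"
    return 554, "relay access denied"


if __name__ == "__main__":
    # Constructed test cases: (client IP, authenticated?, recipient).
    cases = [
        ("203.0.113.9", False, "alice@example.org"),
        ("203.0.113.9", False, "nobody@example.org"),
        ("203.0.113.9", False, "someone@example.net"),
        ("192.0.2.10", False, "someone@example.net"),
    ]
    for case in cases:
        print(case, "->", rcpt_decision(*case))
```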

Thanks for the response. To be honest, I've used that tool about 5 times, and it's given me the same errors that it turned out the user received, so I think it is OK.

I recently used a trial for a bit of software called Relay Test Pro from http://www.digiarch.org/relaytest.html - it performs about 30 different tests on your mail server, checking for open relays and other issues. Worked quite well and looked the business.

The best test I know of for an open relay is the real world one. You get blacklisted if you're an open relay. It's free too....

Thanks for the response. To be honest, I've used that tool about 5 times, and it's given me the same errors that it turned out the user received, so I think it is OK.

As for the rest of the site, tbh I've not looked at it lol

I was referring to the internal broken pipe PHP errors that I received on the web page when I tested a known good email address on the email server I administer.

First it told me I wasn't in compliance with an RFC and then it printed out a few PHP errors on the web page. No web server ought to serve its internal errors to the users of the site. It's far too large of a security hole to expose as it tells the world a lot of your application structure and script names.

I mean I know just from looking at their file structure what OS they are running, that their Apache install is a stock install from that distro, and from that I can pretty quickly deduce what version of PHP it's running. If I was a cracker, that gives me some pretty interesting starting points from which to go after them. It also tells me they are not very aware of security issues if they configured PHP that way.
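
A check a site owner could run over their own pages to catch the kind of leak described in the post above, given as an added example that is not part of the original thread: it looks for PHP's default error line format in a response body and reports what each message exposes. The sample responses, path and script name are constructed placeholders.

```python
import html
import re

# PHP's default error line, once HTML tags are stripped, has the shape:
#   "<Level>: <message> in <file> on line <n>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.+?) in (?P<file>\S+) on line (?P<line>\d+)"
)
TAG = re.compile(r"<[^>]+>")


def find_php_errors(body):
    """Return one dict per PHP error message leaked in a response body."""
    # Strip the <b>/<br /> markup PHP wraps around errors, then decode
    # entities so the message and path are matched as plain text.
    text = html.unescape(TAG.sub("", body))
    return [
        {
            "level": m["level"],
            "message": m["message"],
            "file": m["file"],
            "line": int(m["line"]),
        }
        for m in PHP_ERROR.finditer(text)
    ]


# Constructed sample response; the path and script name are placeholders.
SAMPLE_BODY = """<html><body><h1>Result</h1>
<br />
<b>Warning</b>:  fwrite(): send of 512 bytes failed with errno=32 Broken pipe in <b>/srv/www/example/check.php</b> on line <b>87</b><br />
<p>Test complete.</p></body></html>"""

# Ordinary page text that merely contains the word "Warning" must not match.
CLEAN_BODY = "<html><body><p>Warning: your mailbox is almost full.</p></body></html>"

if __name__ == "__main__":
    for leak in find_php_errors(SAMPLE_BODY):
        print("leaked:", leak)
    print("clean page findings:", find_php_errors(CLEAN_BODY))
```

On the PHP side, the usual production setting that keeps these messages out of responses is `display_errors = Off` with `log_errors = On`, so the errors go to the server log instead.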

CertForums.com is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, CCSI™; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. All other trademarks, including those of Microsoft, CompTIA, VMware, Juniper ISC(2), and CWNP are trademarks of their respective owners.